From f78d4f989e174661de6363b7f5f085383a17af5d Mon Sep 17 00:00:00 2001
From: "hb.min" <hb.min@samsung.com>
Date: Wed, 27 Mar 2013 01:32:54 +0900
Subject: [PATCH] Implement seperated server-so model

Change-Id: I0b243a0c0f2c94e21a7c3b19843d097c38736ec3
Signed-off-by: hb.min <hb.min@samsung.com>
---
 src/security/inc/FSec_AccessControlTypes.h         |   8 +-
 src/security/inc/FSec_PrivilegeManager.h           |   6 +-
 src/server/CMakeLists.txt                          |   2 +
 src/server/inc/FSec_PrivilegeManagerServer.h       |  76 +++++++
 .../security/FSec_PrivilegeManagerServer.cpp       | 242 +++++++++++++++++++++
 5 files changed, 328 insertions(+), 6 deletions(-)
 mode change 100755 => 100644 src/server/CMakeLists.txt
 create mode 100644 src/server/inc/FSec_PrivilegeManagerServer.h
 create mode 100644 src/server/security/FSec_PrivilegeManagerServer.cpp

diff --git a/src/security/inc/FSec_AccessControlTypes.h b/src/security/inc/FSec_AccessControlTypes.h
index f250902..dc27ae5 100644
--- a/src/security/inc/FSec_AccessControlTypes.h
+++ b/src/security/inc/FSec_AccessControlTypes.h
@@ -131,6 +131,7 @@ enum _Privilege
 	_PRV_PRIVACYMANAGER_READ,
 	_PRV_PRIVACYMANAGER_WRITE,
 	_PRV_ANTIVIRUS,
+	_PRV_INTERNET,
 	_MAX_PRIVILEGE_ENUM
 };
 
@@ -242,6 +243,7 @@ const static _PrivilegeStringList privilegeListTable[_MAX_PRIVILEGE_ENUM] =
 	{L"privacymanager.read", _PRV_PRIVACYMANAGER_READ},
 	{L"privacymanager.write", _PRV_PRIVACYMANAGER_WRITE},
 	{L"antivirus", _PRV_ANTIVIRUS},
+	{L"internet", _PRV_INTERNET},
 };
 
 enum _PrivilegeApiVersion
@@ -344,13 +346,14 @@ const static Tizen::Base::_ApiVisibility visibilityLevelListTable[_MAX_PRIVILEGE
 	{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER },	// bookmark.write
 	{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER },	// geolocationpermission.read
 	{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER },	// geolocationpermission.write
-	{ Tizen::Base::_API_VISIBILITY_PARTNER },	// lockmanager
+	{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER },	// lockmanager
 	{ Tizen::Base::_API_VISIBILITY_PUBLIC },	// shortcut.install
 	{ Tizen::Base::_API_VISIBILITY_PARTNER },	// appmanager.kill
 	{ Tizen::Base::_API_VISIBILITY_PARTNER },	// privilegemanager.read
 	{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER },	// privacymanager.read
 	{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER },	// privacymanager.write
 	{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER },	// antivirus
+	{ Tizen::Base::_API_VISIBILITY_PUBLIC },	// internet
 };
 
 enum _PrivilegeLevel
@@ -453,13 +456,14 @@ const static _PrivilegeLevel privilegeLevelListTable[_MAX_PRIVILEGE_ENUM][_PRV_A
 	{ _PRV_LEVEL_SYSTEM },	// bookmark.write
 	{ _PRV_LEVEL_SYSTEM },	// geolocationpermission.read
 	{ _PRV_LEVEL_SYSTEM },	// geolocationpermission.write
-	{ _PRV_LEVEL_USER },	// lockmanager
+	{ _PRV_LEVEL_SYSTEM },	// lockmanager
 	{ _PRV_LEVEL_USER },	// shortcut.install
 	{ _PRV_LEVEL_SYSTEM },	// appmanager.kill
 	{ _PRV_LEVEL_SYSTEM },	// privilegemanager.read
 	{ _PRV_LEVEL_SYSTEM },	// privacymanager.read
 	{ _PRV_LEVEL_SYSTEM },	// privacymanager.write
 	{ _PRV_LEVEL_SYSTEM },	// antivirus
+	{ _PRV_LEVEL_USER },	// internet
 };
 
 const int MAX_BITWISE_PRIV_SIZE = (((_MAX_PRIVILEGE_ENUM - 1) / 32) + 1) * 4;
diff --git a/src/security/inc/FSec_PrivilegeManager.h b/src/security/inc/FSec_PrivilegeManager.h
index b25ddb9..fe0a099 100644
--- a/src/security/inc/FSec_PrivilegeManager.h
+++ b/src/security/inc/FSec_PrivilegeManager.h
@@ -39,9 +39,7 @@ namespace Tizen { namespace Base
 class String;
 }}
 
-class PrivilegeService;
-
-namespace Tizen { namespace Security
+ namespace Tizen { namespace Security
 {
 
 class _PrivilegeCache;
@@ -105,7 +103,7 @@ private:
 	_PrivilegeCache* __pPrivilegeCache;
 	static _PrivilegeManager* __pPrivilegeManagerInstance;
 
-	friend class ::PrivilegeService;
+	friend class _PrivilegeManagerServer;
 	friend class _AccessController;
 	friend class AccessController;
 
diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
old mode 100755
new mode 100644
index 66fd485..4ef4f23
--- a/src/server/CMakeLists.txt
+++ b/src/server/CMakeLists.txt
@@ -7,6 +7,7 @@ INCLUDE_DIRECTORIES (
 	${CMAKE_SOURCE_DIR}/src/io/inc
 	${CMAKE_SOURCE_DIR}/src/system/inc
   	${CMAKE_SOURCE_DIR}/src/security/inc
+  	${CMAKE_SOURCE_DIR}/src/security
 	${CMAKE_SOURCE_DIR}/src/security/cert
 	${CMAKE_SOURCE_DIR}/src/app/inc
   	inc
@@ -16,6 +17,7 @@ SET (${this_target}_SOURCE_FILES
 	app/FApp_AulServer.cpp
 	io/FIo_IpcServer.cpp
 	security/FSec_CertServer.cpp
+	security/FSec_PrivilegeManagerServer.cpp
 	)
 	
 ## SET EXTRA COMPILER FLAGS
diff --git a/src/server/inc/FSec_PrivilegeManagerServer.h b/src/server/inc/FSec_PrivilegeManagerServer.h
new file mode 100644
index 0000000..384c9cc
--- /dev/null
+++ b/src/server/inc/FSec_PrivilegeManagerServer.h
@@ -0,0 +1,76 @@
+//
+// Open Service Platform
+// Copyright (c) 2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file	FSec_PrivilegeManagerServer.h
+ * @brief	This is the header file for the _PrivilegeManagerServer.
+ * This header file contains the declarations of the _PrivilegeManagerServer.
+ */
+
+#ifndef _FSEC_INTERNAL_PRIVILEGE_MANAGER_SERVER_H_
+#define _FSEC_INTERNAL_PRIVILEGE_MANAGER_SERVER_H_
+
+#include <FOspConfig.h>
+
+#include "FSec_AccessControlTypes.h"
+
+namespace Tizen { namespace Base { namespace Collection
+{
+class IList;
+}}}
+
+namespace Tizen { namespace Base
+{
+class String;
+}}
+
+class PrivilegeService;
+
+namespace Tizen { namespace Security
+{
+
+/**
+ * @class	_PrivilegeManagerServer
+ * @brief	This class provides a way to manage the privilege information.
+ * @since	2.1
+ *
+ * This class provides a way to manage the privilege information for privilege service.
+ *
+ */
+
+class _OSP_EXPORT_ _PrivilegeManagerServer
+{
+
+private:
+
+	_PrivilegeManagerServer(void);
+	virtual ~_PrivilegeManagerServer(void);
+
+	static result RetrievePrivilege(const Tizen::App::AppId& appId, Tizen::Base::String* pEncryptedBitwise, Tizen::Base::String* pHmac, Tizen::Base::Collection::ArrayList*& pPrivilegeList);
+	static result GenerateVisibilityString(Tizen::App::AppId appId, Tizen::Base::String* pEncryptedVisibility, Tizen::Base::String* pHmac);
+	static result GetEncryptedVisibility(int visibility, Tizen::Base::String& encryptedVisibility);
+	static result GetChecksum(Tizen::App::AppId appId, int visibility, Tizen::Base::String& checksum);
+
+private:
+
+	friend class ::PrivilegeService;
+
+};  // _PrivilegeManagerServer
+
+}} // Tizen::Security
+
+#endif // _FSEC_INTERNAL_PRIVILEGE_MANAGER_SERVER_H_
diff --git a/src/server/security/FSec_PrivilegeManagerServer.cpp b/src/server/security/FSec_PrivilegeManagerServer.cpp
new file mode 100644
index 0000000..652458e
--- /dev/null
+++ b/src/server/security/FSec_PrivilegeManagerServer.cpp
@@ -0,0 +1,242 @@
+//
+// Open Service Platform
+// Copyright (c) 2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file		FSec_PrivilegeManagerServer.cpp
+ * @brief		This is the implementation for the _PrivilegeManagerServer class.
+ */
+
+#include <stdlib.h>
+#include <pthread.h>
+#include <unique_ptr.h>
+#include <FAppPkg_PackageInfoImpl.h>
+#include <FAppPkg_PackageManagerImpl.h>
+#include <FBaseString.h>
+#include <FBaseSysLog.h>
+#include <FSec_AccessControlTypes.h>
+#include <FSec_PrivilegeManager.h>
+#include <FSecCryptoAesCipher.h>
+#include <FSecCryptoSha1Hmac.h>
+#include <FBase_StringConverter.h>
+#include <FBaseInternalTypes.h>
+#include <FSec_DeviceKeyGenerator.h>
+#include "FSec_PrivilegeManagerServer.h"
+
+using namespace Tizen::App;
+using namespace Tizen::App::Package;
+using namespace Tizen::Base;
+using namespace Tizen::Base::Utility;
+using namespace Tizen::Base::Collection;
+using namespace Tizen::Io;
+using namespace Tizen::Security;
+using namespace Tizen::Security::Crypto;
+
+namespace Tizen { namespace Security
+{
+
+_PrivilegeManagerServer::_PrivilegeManagerServer(void)
+{
+	return;
+}
+
+_PrivilegeManagerServer::~_PrivilegeManagerServer(void)
+{
+	return;
+}
+
+result
+_PrivilegeManagerServer::RetrievePrivilege(const AppId& appId, String* pEncryptedBitwise, String* pHmac, ArrayList*& pPrivilegeList)
+{
+	result r = E_SUCCESS;
+	String encryptedBitwise;
+	String hmac;
+	ArrayList* pPrivilegeStringList = null;
+
+	r = _PrivilegeManager::RetrieveCipherPrivilegeExN(appId, encryptedBitwise, hmac, pPrivilegeStringList);
+	SysTryReturnResult(NID_SEC, r == E_SUCCESS, r, "Propagating.");
+
+	pEncryptedBitwise->Append(encryptedBitwise);
+	pHmac->Append(hmac);
+
+	if (pPrivilegeStringList != null)
+	{
+		IEnumerator* pEnum = null;
+		pEnum = pPrivilegeStringList->GetEnumeratorN();
+		while (pEnum->MoveNext() == E_SUCCESS)
+		{
+			String* tempString = static_cast<String*>(pEnum->GetCurrent());
+			pPrivilegeList->Add(new String(*tempString));
+		}
+
+		delete pEnum;
+
+		pPrivilegeStringList->RemoveAll(true);
+		delete pPrivilegeStringList;
+	}
+
+	return r;
+}
+
+
+result
+_PrivilegeManagerServer::GenerateVisibilityString(AppId appId, String* pEncryptedVisibility, String* pHmac)
+{
+	_PackageInfoImpl infoImpl;
+	result r = E_SUCCESS;
+	int visibility = 0;
+
+	String encryptedVisibility;
+	String checksum;
+
+	r = infoImpl.Construct(appId);
+	if (r == E_PKG_NOT_INSTALLED)
+	{
+		SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
+		return E_DATA_NOT_FOUND;
+	}
+	SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	visibility = infoImpl.GetApiVisibility();
+	SysTryReturnResult(NID_SEC, visibility >= 0, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = GetEncryptedVisibility(visibility, encryptedVisibility);
+	SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = GetChecksum(appId, visibility, checksum);
+	SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	pEncryptedVisibility->Append(encryptedVisibility);
+	pHmac->Append(checksum);
+
+	return r;
+}
+
+result
+_PrivilegeManagerServer::GetEncryptedVisibility(int visibility, String& encryptedVisibility)
+{
+	result r = E_SUCCESS;
+	ISecretKey* pKey = null;
+	ByteBuffer ivByte;
+	ByteBuffer* pEncryptedVisibility = null;
+	ByteBuffer* pTempVisibility = null;
+	AesCipher cipherEnc;
+	const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};
+
+	pTempVisibility = new (std::nothrow) ByteBuffer();
+	SysTryReturnResult(NID_SEC, pTempVisibility != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
+
+	r = pTempVisibility->Construct(sizeof(int));
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = ivByte.Construct(_IV_LEN);
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = ivByte.SetArray(ivector, 0, _IV_LEN);
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+	ivByte.Flip();
+
+	r = pTempVisibility->SetArray((byte*)(&visibility), 0, sizeof(int));
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+	pTempVisibility->Flip();
+
+	r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN);
+	SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = cipherEnc.SetKey(*pKey);
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = cipherEnc.SetInitialVector(ivByte);
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	pEncryptedVisibility = cipherEnc.EncryptN(*pTempVisibility);
+	SysTryCatch(NID_SEC, pTempVisibility != null, r = E_SYSTEM, E_SYSTEM,
+			   "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = StringUtil::EncodeToBase64String(*pEncryptedVisibility, encryptedVisibility);
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	// fall through
+
+CATCH:
+
+	delete pTempVisibility;
+	delete pKey;
+	delete pEncryptedVisibility;
+
+	return r;
+}
+
+result
+_PrivilegeManagerServer::GetChecksum(AppId appId, int visibility, String& checksum)
+{
+	result r = E_SUCCESS;
+	byte tempChecksumString[sizeof(int) + MAX_APP_ID_SIZE];
+
+	ISecretKey* pKey = null;
+	ByteBuffer ivByte;
+	ByteBuffer input;
+	IHmac* pHmac = null;
+	ByteBuffer* pChecksumByteBuffer = null;
+	char* pAppId = null;
+
+	pAppId = (char*) _StringConverter::CopyToCharArrayN(appId);
+	SysTryCatch(NID_SEC, pAppId != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	memcpy(tempChecksumString, pAppId, MAX_APP_ID_SIZE);
+	memcpy(tempChecksumString + MAX_APP_ID_SIZE, (byte*)(&visibility), sizeof(int));
+
+	delete[] pAppId;
+	pAppId = null;
+
+	r = input.Construct(MAX_APP_ID_SIZE + sizeof(int));
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + sizeof(int));
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+	input.Flip();
+
+	pHmac = new (std::nothrow) Sha1Hmac();
+	SysTryCatch(NID_SEC, pHmac != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
+
+	pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN);
+	SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = pHmac->SetKey(*pKey);
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	pChecksumByteBuffer = pHmac->GetHmacN(input);
+	SysTryCatch(NID_SEC, pChecksumByteBuffer != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	r = StringUtil::EncodeToBase64String(*pChecksumByteBuffer, checksum);
+	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+	// fall through
+
+CATCH:
+
+	delete pKey;
+	delete pHmac;
+	delete pChecksumByteBuffer;
+
+	return r;
+}
+
+
+}} //Tizen::Security
-- 
2.7.4